Step-in to reality: How to ensure effective outsourcing step-in rights

By Sue McLean, Baker & McKenzie LLP

Computerworld|

A prime example is when a customer insists on broad ‘step-in’ rights. Indeed, just last week I reviewed an application development and maintenance services agreement that included a widely drawn step-in clause. It struck me, not for the first time, that customers would be wiser to exercise a healthy dose of realism when it comes to step-in.

Step-in rights have been a common remedy in outsourcing deals (particularly in the financial sector) for many years. In the past, when services were provided on a dedicated basis, step-in was a more plausible remedy. However, with outsourced services increasingly provided through shared infrastructure and facilities with non-dedicated staff and third party technology, traditional step-in is now very rarely appropriate.

Instead of wasting time and effort negotiating rights which will never work and, at best, will only act as leverage in the event of service failure, it’s generally better for customers to pursue more realistic step-in rights. Not only will this avoid lengthy negotiations, but, more importantly, it will result in a more usable contract.

What are step-in rights?

In the most traditional sense, step-in rights involve the customer managing the provider’s resources to provide the services. More practically, step-in can mean temporarily moving the services away from the provider to an alternative provider, or taking greater control over service delivery. It’s vital to consider the impact of delivery realities, and any contractual issues when developing a practical approach to step-in rights.

Challenges & constraints

In order to come up with practical step-in rights, the customer should identify up-front potential challenges and constraints, e.g.:

service location (if the services are provided offshore, hands-on step-in may be extremely difficult);

customer’s level of internal resources and expertise;

necessary regulatory licences;

restrictions on access to third party software, equipment, etc;

the potential of further disruption and adverse impacts if step-in rights are exercised; and

the potential difficulty and expense of finding an alternative provider willing to step in within the required timeframe.

Triggers

a prolonged force majeure event which will, or is likely to, cause a serious business threat;

an event which entitles the customer to terminate (g. material breach);

a material delay in service provision;

a serious risk to the health or safety of persons or property; or

to comply with law, or required or advised by a regulator.

Again, the customer should be realistic when negotiating triggers. The provider is likely to push for limited triggers linked to material failures. If there are more practical remedies available, the customer should focus on those remedies rather than relying on step-in rights as a cure-all. In particular, step-in rights are not a replacement for robust disaster recovery and business continuity plans.

Notification

The contract will need to specify how step-in rights are exercised. The provider is likely to require a backstop date, whereas the customer will want as much flexibility as possible. However, before demanding wide step-in rights, the customer should consider whether particular services are severable, or whether there are constraints on exercising step-in rights only in respect of parts of the services.

Activities

Historically, step-in would involve the customer (or its nominee) taking over the services while they are being stabilised. However, it’s now rare to find circumstances where that’s appropriate. Taking over the services would involve taking control over facilities and staff, not just systems. And how feasible is it for a customer to parachute into a secure data centre and start telling someone else’s employees how to run a service without a detailed knowledge of the underlying processes and procedures? Moreover, where services are provided from an offshore site, or using shared infrastructure or the “cloud”, taking over the services is not going to be workable.

Therefore, the customer should focus on workable alternatives, e.g.:

suspending the provider’s performance of the services and procuring services from an alternative party during the step-in event; and/or

imposing greater management over service delivery, e.g., supervising staff based at customer sites, requiring staff training, shadow provider staff to evaluate the underlying cause of any problem, and/or requiring the provider to include the customer and/or any third party appointed by the customer in the provider’s remediation discussions and planning.

Engaging another provider to take over service delivery works best where the services are severable and can be performed remotely or from the customer’s facilities. This avoids the difficulty of convincing the original provider to allow a substitute provider (quite possibly a competitor) to access its facilities and systems. If the customer has appropriate internal resources, it may temporarily in-source the services without having to engage a new provider.

Whatever form of step-in rights is exercised, the customer should consider what support it needs from the provider (e.g., obtaining, or helping to obtain, consents / licences; access to infrastructure, resources, data, facilities, premises, personnel and information, etc). Detailed requirements will pay off if the customer ever needs to exercise its step-in rights.

Consequences

The effects of exercising step-in rights, (e.g. particularly on the charges) need to be considered upfront. The customer won’t want to pay for suspended services, and will want its additional costs covered by the provider. However, the provider may resist this, particularly where it has fixed costs, or where the step-in trigger isn’t related to the provider’s default. In addition, the provider may demand the customer be responsible for costs the provider incurs as a result of the customer’s acts or omissions during step-in.

It’s also wise to detail in the contract the impact of step-in on service performance. The provider will want reasonable service level relief if the customer or another provider takes control of service delivery. Where the step-in rights involve more subtle forms of control such as greater oversight, the customer may argue that service levels should continue to apply. Other impacts may need to be considered.

Stepping-Out

The contract should specify how and when step-in ends. Where a customer uses a replacement provider the step-out plan will need to align with the replacement provider contract. Where step-in involves enhanced oversight, the step-out plan may be carried out as a phased reduction in the customer’s supervision. Of course, even after exercising step-in rights, the customer may decide it needs to terminate the affected services or the contract. Retaining that flexibility is key.

Conclusion

By being more realistic about what’s achievable and carefully assessing the mechanics, customers can help ensure step-in is not a toothless remedy.